GDPR – General Data Protection Regulation

General Data Protection Regulation

General Data Protection Regulation will replace existing data protection law in all EU member states on 25th May 2018 and is designed to result in single, uniform set of data protection rules applying across the EU.

Data protection laws arose from concerns over individuals’ right to privacy as increasing amounts of personal information was gathered by businesses and other organisations throughout the 20th century.

Digital technology has changed the way many organisations operate and the evolving means of collecting, storing and processing personal data means that laws needed to be changed to keep pace. GDPR accounts for modern methods of capturing and processing people’s data and takes steps to ensure people have sufficient control over their own information. GDPR protects individuals, not organisations.

Data protection is not just about digital information, but all personal information that is stored.

GDPR emphasises transparency, security and accountability by data controllers, while at the same time standardising and strengthening the right of European citizens to data privacy. These new regulations allows individuals to request access, corrections and removal of their personal information in ways that weren’t available before and requires clear evidence of consent from individuals.

With regards to children, GDPR enhances the protection of children’s personal data. Any privacy notes for services offered directly to children must be written in clear, simple language. A child under 16 cannot give consent themselves. This is required from a person holding ‘parental responsibility’ (parent/guardian).

Click here to see the IAYO GDPR Guidelines and GDPR checklist.


For further information and resources for preparing for GDPR, see the following websites: